The decentralized architecture of the Internet, which has been key to its development and worldwide deployment, is making it challenging to secure Internet user experience. Many organizations claim to be playing a role in improving Internet security. If anything, the space of security-related institutions seems on first inspection to be over-populated, yet poor security persists. This work proposes a framework to understand the role different institutions play in cyber security. The analysis gives insights into the broad institutional ecosystem of public, private and international actors, and the varied nature of these institutions, their interests, incentives, and contributions to cyber security from hardware, software, protocols, standards and regulation. Based on natural language clustering algorithms, this framework classifies institutions along five dimensions: the aspect of cyber security the institution covers, the industry and activity sector of the institution, whether it is part of a specific jurisdiction, specific institution’s characteristics such as its working mode or primary focus, and the institution governance type. This work is based on a dataset that was developed including approximately 120 institutions playing a role in cyber security. Using this framework, it is possible to better understand the nature of the large number of organizations currently shaping cyber security, the relationship between them, areas of competing and overlapping institutional interest, and the overall structure of institutional responses to cyber security.